<?php
// start session
session_start(); 
$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
   include 'library/config.php';
   include 'library/connect.php';

   $userId = $_POST['txtUserId'];
   $password = $_POST['txtPassword'];
   //hash password
   $spassword = md5($password.$md5secure);

   // check database
   $sql = "SELECT user_id 
           FROM tbl_auth_user
           WHERE user_id = '$userId' 
                 AND user_password = PASSWORD('$spassword')";

   $result = mysql_query($sql) 
             or die('Query failed. ' . mysql_error()); 

   if (mysql_num_rows($result) == 1) {
      // the user id and password match, 
      // set session
      $_SESSION['db_is_logged_in'] = true;

      // move to:
      $host  = $_SERVER['HTTP_HOST'];
	  $uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
	  $extra = 'mypage.php';
	  header("Location: http://$host$uri/$extra");
	  exit;

      exit;
   } else {
      $errorMessage = 'Sorry, wrong user id / password';
   }

   include 'library/disconnect.php';
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
</body>
</html>